Whiteboxcrypto

News

August 2012

Yoni de Mulder has published his cryptanalysis of the Xiao-Lai white-box AES implementation.

ABSTRACT: In the white-box attack context, i.e., the setting where an
implementation of a cryptographic algorithm is executed on an untrusted
platform, the adversary has full access to the implementation and its
execution environment. In 2002, Chow et al. presented a white-box AES
implementation which aims at preventing key-extraction in the white-box
attack context. However, in 2004, Billet et al. presented an efficient
practical attack on Chow et al.'s white-box AES implementation. In
response, in 2009, Xiao and Lai proposed a new white-box AES
implementation which is claimed to be resistant against Billet et al.'s
attack. This paper presents a practical cryptanalysis of the white-box
AES implementation proposed by Xiao et al. The linear equivalence
algorithm presented by Biryukov et al. is used as a building block. The
cryptanalysis efficiently extracts the AES key from Xiao et al.'s
white-box AES implementation with a work factor of about 2^32.

The paper:

April 2012

SysK has published his attack on my WB-DES challenge in Phrack. See http://phrack.org

The magazine also includes an article on DRM security by Rod Schultz, an English version of which is also available here. His article covers some practical aspects related to white-box cryptography too.